4 Ways At-Work Apps Are Vulnerable to Attack

Collaboration applications make users and IT teams more efficient. But they come with an added cost: security.

They haven't completely replaced phone calls or email, but communication and collaboration apps are becoming increasingly popular. For workers today, who are in and out of the office, working on the go, with multiple team members, it's all about convenience and ease of use. Many rely on Slack, Google Hangouts, Box, SharePoint, and other applications to communicate, share files, and collaborate on projects to get their work done in the most efficient manner possible.

For IT teams, there's an added bonus: Collaboration apps are meant to be easier to manage than local servers. The brand responsible for the app takes care of outages or any other disruption; it ensures that communications are backed up and that the system is secured from data loss. Since the brand specializes in its tool, it will have the resources to ensure that things run smoothly and safely.

That's the promise, at least — but the reality is different. A study we conducted in 2018 with 500 enterprise IT decision-makers, managerial level and above, who are involved in cybersecurity efforts in medium and large enterprises revealed that two-thirds of responding companies have been attacked via collaboration tools in the last 12 months, and three-quarters believe the sophistication of such attacks is increasing. Here are some reasons why such tools may be more of a burden than a boon security-wise:

Phishing is a favorite. Attackers have already had great success using phishing techniques. According to the 2017 Verizon data breach report, as many as 95% of security breaches have their origins in socially engineered phishing attacks. Collaboration-tool phishing attacks are takeoffs on the "classic" email scam; rather than send a malicious URL via email, attackers can instead send it through messaging services. The message could come from an insider threat, a third party, or stolen credentials. Interactions via messaging are typically very quick and immediately trusted, meaning users may be less likely to think twice before clicking.

Email and notifications. When you're out of the office, common corporate courtesy dictates that you let people know that you're not available to meet with them — and for that, there is the out-of-office auto-reply, in which you inform people who sent you messages (via email or collaboration app) that you're away. The problem, of course, is that the auto-reply is sent in response to all messages that an inbox gets — and if that response is received by a thief, you could be tipping him off that it's open season on your house.

You can't see them? Doesn't mean they aren't there. Besides messages with "poison links," hackers have had great success in sending their malware to victims via files and documents emailed directly to victims' mailboxes. With a bit of social engineering, hackers can get their prey to open the document, thus unleashing the malware. Advanced hacking techniques enable bad actors to hide malware in macros or scripts of the poisoned document — places that antivirus and other security systems cannot penetrate. Once the document is opened and uploaded to the collaboration platform, the malware can easily spread to anyone else who accesses that document.

For example, if the malware comes in the form of a keylogger, the malware will attach itself to individual users' systems when they access the shared document. If they access it from inside the organization, the keylogger will be able to collect and send back to the hackers each user's corporate login. If one of those logins belongs to an administrator, it's just a matter of time before the hackers get their hands on anything and everything.

Who said that? With the credentials to a collaboration account in hand — obtained perhaps by tricking a member of the group into giving up their name and password — hackers could perpetrate all sorts of mayhem by posing as an employee. (Typically, all it takes is a message from "tech support" saying they need the information.) Then, using the private messaging component of a collaboration app, a skilled hacker could pump a member of the group for information about a contract, event, or other important data. When coupled with the techniques that hackers use to attack organizations via collaboration platforms, the result is a one-two punch that enables them to do what they want, when they want.

Collaboration tools clearly provide great benefits for organizations — but they also provide hackers with a path to compromising IT systems. It's unlikely that companies will give up on collaboration tools, which have opened a whole new window on productivity for both employees and organizations.

What to do? In any human exchange, caution is always warranted — especially if it's done electronically. Before opening a document or a link, employees must ensure that they are not walking into a hacker-laid trap. Context can be important here; documents and links that seem out of character for a project should raise suspicions, and teams should work out a code that will indicate that a communication they receive is a legitimate one (i.e., a naming convention for files, using Google shortcuts for all links, etc.).

And, of course, organizations should implement defensive systems for situations where hackers do get through, despite the caution employees exercise. Collaboration tools are definitely a blessing for modern business — and the task today is to ensure that they don't turn out to be a curse as well, sentencing companies to an eternity in hacker hell.

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Yoram Salinger is the CEO of Perception Point, leading the company's growth, strategy and management. He previously served as the CEO of Redbend and Netgame, as well as the COO of Algorithm Research, where he headed marketing and sales for Europe and the Far East. View Full Bio

The reason that server side attacks have transitioned to the minority and client side attacks are now the majority is because people's curiousity is peaked. Plus since email needs to remain open for business it will commonly subvert many of the security layers.

User Awareness is a big piece and constant testing will go a long way. Sites like PhishMe and KnowBe offer integrated services to perfrom.

Always seems to be an impersonation attack through email and infected documents. User education would almost eradicate a huge potion of malware. BUT people are curious and that killed the cat. They want to see what an infected something ACTUALLY DOES. I have seen that crazy desire up close. Or they just want to see if the Liberty Wine company really does owe then $315.62 as per the attached invoice. (Google that one). My rule for email is simple and I encourage all to pass it on: IF YOU DON'T NEED IT, DON'T READ IT, DELETE IT

Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.

It was found that dropbear before version 2013.59 with GSSAPI leaks whether given username is valid or invalid. When an invalid username is given, the GSSAPI authentication failure was incorrectly counted towards the maximum allowed number of password attempts.

** DISPUTED ** In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of st...

** DISPUTED ** LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue.